https://community.cisco.com/t5/cloud-security/cisco-umbrella-policy/m-p/4711400#M1583 <P>I am a new customer with cisco umbrella. We are using AD Groups to determine Categories that are allowed.&nbsp;</P><P>What is the best way to exclude a user from being blocked on a site ?</P><P>If we have 100 users excluded from shopping, And we want a user to be able to access Amazon.com.</P><P>Or we need 1 user to be able to access Facebook when the Social media category is blocked.</P><P>Do we create a new AD Group and a new umbrella policy that allows the site ? Or is there an easier way that i may be overlooking</P> Thu, 27 Oct 2022 02:47:23 GMT tcooke 2022-10-27T02:47:23Z https://community.cisco.com/t5/cloud-security/cisco-umbrella-policy/m-p/4711400#M1583 <P>I am a new customer with cisco umbrella. We are using AD Groups to determine Categories that are allowed.&nbsp;</P><P>What is the best way to exclude a user from being blocked on a site ?</P><P>If we have 100 users excluded from shopping, And we want a user to be able to access Amazon.com.</P><P>Or we need 1 user to be able to access Facebook when the Social media category is blocked.</P><P>Do we create a new AD Group and a new umbrella policy that allows the site ? Or is there an easier way that i may be overlooking</P> Thu, 27 Oct 2022 02:47:23 GMT https://community.cisco.com/t5/cloud-security/cisco-umbrella-policy/m-p/4711400#M1583 tcooke 2022-10-27T02:47:23Z https://community.cisco.com/t5/cloud-security/cisco-umbrella-policy/m-p/4711619#M1584 <P>Hello tcooke,</P> <P>What I do in such a scenario is to create a new policy that I will set at the top of the stack and as the identity, I will place that specific user:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="aaragonb_0-1666857291670.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/166468iB2DAEB6B8F4A3907/image-size/medium?v=v2&amp;px=400" role="button" title="aaragonb_0-1666857291670.png" alt="aaragonb_0-1666857291670.png" /></span></P> <P>&nbsp;</P> <P>This way, that user will be allowed but the rest will be blocked.</P> <P>You can see more examples here:&nbsp;<A href="https://docs.umbrella.com/umbrella-user-guide/docs/best-practices-for-dns-policies" target="_blank">https://docs.umbrella.com/umbrella-user-guide/docs/best-practices-for-dns-policies</A></P> Thu, 27 Oct 2022 07:58:39 GMT https://community.cisco.com/t5/cloud-security/cisco-umbrella-policy/m-p/4711619#M1584 aaragonb 2022-10-27T07:58:39Z https://community.cisco.com/t5/cloud-security/cisco-umbrella-policy/m-p/4711798#M1585 <P>Thank You. I will try this&nbsp;</P> Thu, 27 Oct 2022 13:16:50 GMT https://community.cisco.com/t5/cloud-security/cisco-umbrella-policy/m-p/4711798#M1585 tcooke 2022-10-27T13:16:50Z https://community.cisco.com/t5/cloud-security/cisco-umbrella-policy/m-p/4723846#M1602 <P>Hello Tcooke,</P> <P>There are 2 ways to do this:</P> <P>1. configure a separate policy for the user who should be able to access the mentioned site above the policy that is causing block.</P> <P>2.&nbsp; In the same policy, you can configure a block page bypass rule for a specific user to bypass the blocked site , for configuration and steps for it, please follow this link:&nbsp;<A href="https://docs.umbrella.com/umbrella-user-guide/docs/set-up-a-block-page-bypass-user" target="_blank" rel="noopener">https://docs.umbrella.com/umbrella-user-guide/docs/set-up-a-block-page-bypass-user</A></P> <P>I hope it helps.</P> Fri, 18 Nov 2022 14:13:42 GMT https://community.cisco.com/t5/cloud-security/cisco-umbrella-policy/m-p/4723846#M1602 Esha Goyal 2022-11-18T14:13:42Z